Variant key matrix cipher system

ABSTRACT

This is a cipher system for enciphering a stream of binary data by means of a product cipher. A clear message represented in a binary data format is transformed into a cipher message by operating on each bit of clear information with a complex modulo-two addition function. This function is dependent on previous internal cipher digits transmitted and varies for each message bit processed. The function is developed by continually shifting a key matrix under the control of a varying control matrix. The control matrix is formed from the sub-product of the complex function developed in generating each cipher bit.

CROSS-REFERENCE TO RELATED APPLICATIONS

Reference is hereby made to application Ser. No.: 158,360, entitled"Block Cipher Cryptographic System," and application Ser. No.: 158,174,entitled "Step Code Ciphering System" both filed on June 30, 1971 and toapplication Ser. No.: 194,836, entitled "Recirculating Block CipherCryptographic System," filed Nov. 2, 1971, all assigned to the sameassignee as the present application.

BACKGROUND OF THE INVENTION

With the growing use of remote-access computer networks which provide alarge number of subscribers with access to "data banks" for receiving,storing, processing and furnishing information of a confidential nature,the need for data security has increased significantly. Generally,present-day computing centers have elaborate procedures for maintainingphysical security at the location where the central processor anddata-storage facilities are located. For example, some of the procedureswhich have been used are: restriction of personnel within the computercenter, utilization of mechanical keys for activation of equipment, andcamera observation. These security procedures, while providing a measureof safety in keeping unauthorized individuals from the physicalcomputing center itself, are not effective with respect to largeremote-access computer networks which have many terminals located atdistant sites, connected to the central processor by either cable ortelecommunication lines.

Some digital techniques have been implemented in computing systems forthe purpose of maintaining privacy of data. One such approach is the useof a device generally known as "memory protection." This type of datasecurity technique associates a unique binary key with selected segmentsof the storage within the central processor. Then, internal to theprocessor, there are present various protection circuits that check fora match of the binary key during the operation of executableinstructions and access to sections of storage. This type of securitymeasure is generally ineffective in protecting information within thecomputing system from unauthorized individuals who have knowledge of thecomputing system circuitry, and who can devise sophisticated programmingtechniques for illegally obtaining unauthorized data.

In the field of communications, cryptography has long been recognized asa means for achieving security and privacy. Many systems have beendeveloped in the prior art for encrypting messages for maintainingsecrecy of communications. For example, one well-known technique whichhas been used for generating "ciphertext" from "cleartext" messages isof substitution. In systems which utilize substitution, letters orsymbols that comprise the clear message are replaced by some othersymbols in accordance with a predetermined "key." The resultingsubstituted message is a cipher which is expected to be secret andhopefully can not be understood without the knowledge of the secret key.A particular advantage of substitution in accordance with a prescribedkey is that the deciphering operation is easily implemented by reverseapplication of the key. A common implementation of substitutiontechniques may be found in ciphering-wheel devices, for example, thosedisclosed in U.S. Pat. Nos. 2,964,856 and 2,984,700, filed Mar. 10, 1941and Sept. 22, 1944 respectively.

Further teachings on the design principles of more advanced substitutiontechniques may be found in "Communication Theory of Secrecy Devices" byC. E. Shannon, Bell System Technical Journal, Vol. 28, Pages 656-715,October 1949. Shannon, in his paper, presents further developments inthe art of cryptography for expounding the product cipher, that is, thesuccessive application of two or more distinctly different kinds ofmessage-symbol transformations. One example of a product cipher consistsof a symbol substitution followed by a symbol transposition.

Another well-known technique for enciphering a clear messagecommunication is the use of a stream-generator sequence which isutilized to form a modulo sum with the symbols that comprise the clearmessage. The cipher output message stream formed by the modulo sum wouldthen be unintelligible to the receiver of the message, if it does nothave knowledge of the stream-generator sequence. Examples of suchstream-generators may be found in U.S. Pat. Nos. 3,250,855 and3,364,308, filed May 23, 1962 and Jan. 23, 1963, respectively.

Various ciphering systems have been developed in the prior art forrearranging communication data in some ordered way to provide secrecy.For example, U.S. Pat. No. 3,522,374 filed June 12, 1967 teaches theprocessing of a clear message with a key-material generator thatcontrols the number of cycles for enciphering and deciphering. Relatedto this patent is U.S. Pat. No. 3,506,783 filed June 12, 1967 whichdiscloses the means for generating the key-material which gives a verylong pseudo-random sequence. Another approach which has been utilized inthe prior art for establishing secret communications is the coding ofthe messages electrical signal representations that are transmitted overthe communications channel. This type of technique is usually moreuseful in preventing jamming rather than in preventing a cryptanalystfrom understanding a cipher message. Exemplary systems of this type maybe found in U.S. Pat. Nos. 3,411,089, filed June 28, 1962 and 3,188,390,filed June 8, 1965.

In the area of computer data communications, it has generally been foundthat product ciphers are superior to other types of ciphering schemes,as discussed in "Cryptography and Computer Privacy" by H. Fesitel,Scientific American, Volume 228, No. 5, May 1973, pp. 15-23. Examples ofproduct ciphering systems are disclosed in co-pending patentapplications Ser. Nos. 158,369; 158,174 and 194,836. These patentapplications present systems for generating a product cipher under thecontrol of the unique user key. With careful selection of the size ofthe data block size and the key size, the probability of ever crackingthe cipher becomes extremely small. That is, a cipher becomesimpractical to crack by trial of all possible combinations of the key.This is particularly true if the cipher text reveals no information withregard to the unique user key.

The systems disclosed in the above referenced copending patentapplications are extremely useful in providing secure communications.However, these systems impose a requirement as to a specific messagesize. Generally, most product block ciphers are restricted to a specificmessage vector. Thus, if it is desired to transmit a small number ofbits of information, it is necessary to "pad" the information withextraneous data in order to form the proper size message block.

OBJECTS OF THE INVENTION

Therefore, it is an object of this invention to provide a cryptographicsystem which operates with a variant key which changes for each digit ofmessage information that is processed.

It is another object of the present invention to provide a cryptographicsystem in which the ciphering key is successively varied as a functionof the message cipher output.

It is further object of the present invention to provide a cryptographicsystem in which the cipher key is arranged in a matrix in which thecolumns or rows are rearranged after each cipher operation as a functionof the cipher text generated from operating on the previous message.

SUMMARY OF THE INVENTION

In accordance with this invention, a variant key matrix cipher system isprovided which permits the ciphering of long streams of binary datawithout need for segmenting the stream into predesignated blocks. Thesystem is first initialized with a primer message that is obtained froma random binary source. This random binary source is introduced into thesystem for the purpose of initializing the key matrix. Theinitialization operation is performed at the transmitter in such amanner so as to permit the receiver to duplicate it, step by step, uponreceipt of the cipher digits.

Subsequent to the initialization with the primer, message binaryinformation is introduced into the system for ciphering. The variant keyis changed for each bit of message information that is processed. Thatis, the system operates serially on the message information, bit by bit.A plurality of cascaded modulo-two adders are utilized for the purposeof applying the cipher key to the input message. The intermediateproducts within the plurality of cascaded modulo-two adders are used ina feedback fashion to cause a variation of the key matrix prior toprocessing the next bit of message information. In addition to thevariation of the key matrix caused by the feedback from the modulo-twoadders, a further variance on the key is created by substituting acolumn within the matrix with a binary word that is generated as afunction of a non-affine transformation of the binary word that is inputinto the modulo-two adders. The cipher or decipher output is taken froma single stage of the cascaded modulo-two adders. Both the transmitterand receiver cipher-decipher units operate in exactly the same manner.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of the cryptographic system.

FIGS. 2A, 2B, 2C, 2D, 2E and 2F are a schematic diagram of thecryptographic system shown in FIG. 1.

FIG. 3 is a schematic diagram of one of the K registers shown in FIG.2D.

FIG. 4 is a schematic diagram of one of the N registers shown in FIG. 2.

FIG. 5 is a schematic diagram of the 16 word "S box" shown in FIG. 2.

FIG. 6 is a schematic diagram of the 256 word "S" box shown in FIG. 2.

DETAILED DESCRIPTION OF THE INVENTION

In the art of cryptography there are several classical types ofciphering systems. One of these types is the well-known "key interruptedVigenere" addition cipher. Assuming for example, that a typical messageto be transmitted is, M=21223131311213, and the addition key is 123,i.e., of period 3. Then, a typical addition cipherment would be asfollows: ##EQU1## From observation of this cipher, C, it is apparentthat there is a need for a repeated periodic reuse of the addition keyK. This observation, by those skilled in the art of cryptography hasresulted in various analyses of the Vigenere and other periodic ciphers.In the prior art, many attempts have been made to combine theconvenience of the use of a short fixed key for even fairly longmessages by obfuscating the invariances that use of the key introduces.This has been done through various attempts to stimulate a non-periodicdistribution of the key, K.

Assuming for example, that correspondants communicating with each otherthrough a cipher system agree to use the message letter "l" as anindicator which informs the receiver to discontinue the encipherment forthe following cleartext letters and that to use the next key asprescribed by the periodic function of the key. Instead, the key is usedin a repeated fashion starting with the beginning letter. Consideringthe previous example, if the message letter "l" happens to be theindicator, the encipherment with this new interrupt feature would resultin the following cipher. ##EQU2## The indicators are shown in the aboveexample as being underlines. It should be noted that the periodicity ofthe key has been interrupted by the non-periodic appearances of theindicator "l" in the message M.

While the above ciphering process is an improvement over the ordinaryVigenere, it still contains some weaknesses and is susceptible toanalysis. A much "stronger" cipher may be obtained by instead ofinterrupting the single periodic key, using a key matrix which is acomplex function of the message being ciphered. This would present a setof keys rather than a single interrupted key. These set of keys may berepresented in the form of a matrix which is of suitable size. It shouldbe noted for the purpose of understanding the invention described hereinthat whenever the term suitable size is used, it is generally meant thatthe size is sufficiently large such that using ordinary probabilitytheory it would be impractical for an opponent to attempt allpossibilities in order to guess the unique combination of binary digitswhich represent the key. For example, a matrix of dimension 128×16 wouldbe sufficiently large to avoid trial and error determination of the key.

Referring now to FIG. 1, there is shown a block diagram representationof a variant key matrix cipher system. Initially, the system is"unprimed." That is, key matrix 10 contains an initial key which isstored in the matrix element positions. In order to begin operating thecipher system, it is necessary to prime such system by introducing arandom number from primer 12 into the system for modifying the fixedcipher key within key matrix 10. Primer 12 consists of a random numbergenerator of conventional type which are well known in the art. Therandom number is sequentially introduced into input buffer 14 for inputinto the cipher system. The random number that is output by primer 12 isof sufficent length to cause the entire key to be varied as a functionof the random number. The input buffer 14 serves the function storingthe digital information received from either primer 12 or message source16. Furthermore, input buffer 14 shifts this information into themodulo-two adder 18.

During initialization of the system, the primer 12 feeds a sequence ofrandom digital information to the input buffer 14 which in turn passesthe random information into adder 18. At the modulo-two adder 18, amodulo-two addition is performed on the random binary digits and theinformation contained in selected elements of the key matrix. Forexample, the left-most elements of the first column in the key matrix 10are introduced into the modulo-two adder by lines 20. Then, withinmodulo-two adder 18, a modulo-two addition is performed successively bya set of cascaded single-bit modulo-two additions with each matrixelement and the respective outputs of each of the modulo-two adderscontained in adder 18. The output of the modulo-two addition ispresented on line 22, which output represents the cipher message output.

As an intermediate product of the modulo-two addition performed bymodulo-two adder 18, lines 24 and line 23 are used as feedback controlfor rearranging or scrambling the elements in the key matrix 10.Simultaneous with introduction of the key on lines 20, digitalinformation is fed back along line 26 to non-affine transformationdevice 28. Feedback line 26 contains an N-bit word which represents thedigital information that was introduced into the modulo-two adder 18along lines 20. This N-bit word is reintroduced into selected elementsof the key matrix 10 after transforming the N-bit word through anon-affine transformation device 28. The non-affine transformation maybe performed by a substitution function. Exemplary techniques forgenerating substitutions may be found in the above cross-referencedpatent applications. The transformed N-bit number which is the output ofnon-affine transformation device 28 appears on lines 30 and isintroduced into the key matrix 10 at selected memory elements. Theintroduction of the transformed N-bit number is performed byrespectively placing one digit in each of the rows from whichinformation was taken during the transmitting of information on lines 20to modulo-two adder 18. Thus, there is achieved a conservation ofinformation in the sense that for each binary digit taken out of the keymatrix, another binary digit is replaced into the key matrix. Afterhaving placed the transformed N-bit number in the matrix 10, which forexample, may take the form of loading the right-most column in thematrix with the N-bit transformed number, the system is now ready for amatrix operation.

As was mentioned previously, the information contained on feedback lines24 is fed back in some form to the key matrix 10. The binary informationappearing on lines 24 is introduced into a non-affine transformationdevice 32 for the purpose of creating a P-bit word which is then used byshift control 34 to control the rearrangement of the elements in thematrix. An exemplary transformation is the circulation of each of therows in the key matrix 10 in accordance with a binary number representedby information contained in the shift control 34. After the matrixtransformation operation is executed, the key matrix is now in a formwhich permits the repetition of all of the above steps with a variantkey contained in key matrix 10. When the primer 12 has been exhaustedand message information from message source 16 is introduced into theinput buffer 14.

During the priming operation at the transmitter station, the cipheroutput is sent a receiving station, where a decipher operation isperformed so that subsequent messages may be de-ciphered with anidentical key as is used by the transmitter station. The primer source12 which represents a key element in the system, and the key in the keymatrix 10 must be maintained secure. That is, they must not be able tobe accessed in any manner by individuals using the system. Thesesecurity aspects of primer 12 and matrix 10 may be achieved by usingappropriate seals, circuits which self-destruct upon tampering, or otherwell known means.

Reference should now be made to FIGS. 2A, 2B, 2C, 2D, 2E and 2F wherethere is shown a detailed schematic diagram of the cryptographic system.FIGS. 2A-2F may be arranged in the manner shown in FIG. 2. For thepurpose of simplicity and ease of understanding the invention disclosedherein, the various elements in the cryptographic system have been shownin a reduced size. That is, the size of the key matrix 10 issubstantially smaller than that which would be required in a workingsystem. However, it should be noted that the enlargement of the size ofthe key matrix 10 does not alter any of the principles taught herein butwould make the understanding of the invention much more difficult due tothe sheer increase of the number of elements in the system with theirinterconnecting lines.

The key matrix 10 is represented in FIG. 2 as being formed by eightshift registers. Each of these registers which are designated by thelabels K1 through K8 are identical and are represented in further detailin FIG. 3. Referring to FIG. 3, there is shown the structure of anexemplary K register. For the purpose of describing the system in itscontracted form, it is assumed that each K register is 16 bits long. Thedigital information in the K register is contained in flip-flops 132-1,132-2, . . . , 132-15, 132-16. Each of the K shift registers is a"double rank" shift register with intermediate storage being provided bythe flip-flops labeled 134-1, 134-2, . . . , 134-15, 134-16. In order toexercise the K register, two shift pulses are required. These two shiftpulses are provided on lines labeled "shift 1" and "shift 2" as shown inFIG. 3. When a pulse is applied to a line labeled "shift 1," theinformation contained in flip-flop 132-1 is transferred to flip-flop134-16. Similarly, the information contained in flip-flop 132-2 istransferred to flip-flop 134-1 and the information contained inflip-flop 132-16 is transferred to flip-flop 134-15. When a pulseappears on the line labeled "shift 2," the information contained inflip-flop 134-16 is transferred to 132-16. Similarly, the informationcontained in flip-flop 134-15 is transferred to flip-flop 132-15 and theinformation in flip-flop 134-2 is transferred to flip-flop 132-2 and theinformation in flip-flop 134-1 is transferred to flip-flop 132-1. Inthis manner, a shift of one position to the left is accomplished. Thedigital information in flip-flop 132-16 may be changed by applying aninput to either one of lines 136 or 138. These inputs can extend througheither one of OR circuits 140 or 142 to flip-flop 132-16. Thus, theright-most column represented by the rightmost bit in the K registers ofFIG. 2 may be changed. In FIG. 3, it should be noted that theinformation contained in flip-flop 132-1 and 132-2 extend to the left onlines 144, 146, 148 and 150. These lines extend to circuitry which isdescribed at a further point in this specification.

Now having discussed the operation of one of the K registers in the keymatrix 10, attention is now given to the cipher key variation. Asindicated with regard to FIG. 1, the key matrix has initial key andduring the priming operation, a random message is introduced into thesystem for the purpose of varying the cipher key, which would result ina change and rearrangement of binary "0's" or "1's," contained inelements of the key matrix 10. As discussed previously, this cipher keyis variant and continually changing as a function of the cipher messageoutput.

The continually changing cipher key is varied for each single bit ofinformation, be it primer or message. Referring to FIG. 2, there isshown a cable 165 eminating from the left-most side of the K registersthe binary word presented along cable 165 is made to undergo anon-affine transformation and the transformed binary word is than loadedinto the right-most column of the K matrix, or in other words, theright-most bit in each of the K registers is loaded with the respectivebit from the transformed binary word.

Simultaneous with the generation of the cipher key shift control 34operates in such a manner as to rearrange the elements of the key matrix10. The shift control 34 receives as input a non-affine transformedbinary word derived from the intermediate cipher products of themodulo-two adder 18 and rearranges the elements in the key matrix 10 bycirculating the information contained in each of the K registers K1-K8.The P-bit binary word which is input into the non-affine transformationdevice 32 is derived from a plurality of registers identified as N1, N2,N3, N4, N5, N6, N7 and N8. Each of these registers respectively interactwith the modulo-two addition relating to the respective K registerleft-most bit position.

Now referring to FIG. 4, there is shown a detailed schematic diagram ofone of the N registers. It should be noted, that each of the N registersare identical. The N register is quite similar to the K register shownin FIG. 3 except that it only contains 4-bit positions. Except for itslimited size, the operation of the N register is identical with that ofthe K register. Accordingly, a repetition of such operation will not bepresented herein.

As input to the N register, there is a line 152 which presentsinformation that is added, modulo-two, to the contents of the left-mostflip-flop of the N register. This addition takes place whenever a pulseis applied to the "shift 1" line. When the line labeled "shift 1" isactivated, gate 154 is also activated and permits the modulo-twoaddition to take place. The result of this modulo-two addition is thenentered into the right-most flip-flop of the N register when a pulse isapplied to the "shift 2" line.

As was shown with regard to FIG. 1, the system contains two non-affinetransformation devices 28 and 32. Non-affine transformation device 28 isrepresented by the 256 word "S" box and non-affine transformation device32 is represented by the 16 word "S" box. Both of these non-affinetransformation devices are substitution devices that transform an n-bitbinary word into another n-bit binary word of same dimension, thatpresents one out of the 2^(n) possibilities of binary numbers that canbe contained in the n-bit size word. Both of these substitution devices28 and 32 are shown schematically in FIGS. 5 and 6 respectively. The 16word "S" box of FIG. 5 contains 16 words of 4-bit storage. Each word isaddressed by one of the 16 wires which are contained in cable 156. Thesignal values carried on the 16 wires represent a binary number whichcorresponds to one of the registers which is gated by this binarynumber. Contained in each register is one out of possible 16 binarywords. The input to the 16 word "S" box is a 16-bit binary number whichis the output of decoder 157. Decoder 157 receives a 4-bit modulo-16number from each of the N registers and decodes the 4-bit modulo-2number into a 16-bit binary number. Then, the 16-bit binary number issubstituted in the 16 word "S" box by another 16-bit binary number whichis provided as output on cable 156. The 256 word "S" box operates in avery similar manner to that which was described for the 16 word "S" box.The input to the 256 word "S" box is derived from decoder 161 whichdecodes an 8-bit modulo-256 number as derived from the output of theleft-most column of the key matrix as contained in the left-most bitposition and in each of the K registers. The decoder 161 decodes themodulo-256 number into a 256-bit binary number which is then used as anaddress for selecting one out of the 256 registers that corresponds tothe specific address and provides a substituted 8-bit number modulo-256as output on cable 160.

It should be noted, that the substitution devices as described hereinare in the form of a stored set of binary words which are addressed andgated in accordance with a decoded number. However, other techniques ofperforming substitutions or non-affine transformations are available.For example, reference may be made to cross-referenced patentapplications.

Now having described the separate components of the system, attention isdirected to the operation of the cryptographic system shown in FIG. 2.The priming of the system was previously discussed and will not berepeated at this point. For the purpose of simplicity, it is assumedthat the system is fully primed and that the key matrix 10 asrepresented by the K registers contains a full cipher key. The messagesto be enciphered or deciphered is contained in the input buffer shown inFIG. 2A. The cleartext message as represented by the binary bitscontained in the input buffer are exclusively ORed with the left-mostbit in each of the K registers. The series of eight bits obtained fromthe left-most bit positions of the K registers represent the left-mostcolumn of the key matrix.

A successive chain of exclusive OR operations are executed in generatingthe cipher bits C1, C2, C3, C4, C5, C6, C7 and C8. Bit C8 represents theciphertext information that is transmitted. This bit is communicated asoutput by gate 154 which operates under the control of clock pulse P1.Simultaneous with the generation of cipher bis C1-C8, the next toleft-most bit positions in the eight K registers are also added modulo-2to form the bit identified as N88. The signal appearing on line N88 alsoappears on line 152 of register N8 at the same time that cipher bitsC1-C7 are introduced into the registers N1-N7. It is necessary tosubstitute the pulse on line N88 for the cipher pulse C8 in generatingthe feedback signals for controlling the matrix shift control 34. By notutilizing the output cipher text as direct feedback for the matrix shiftcontrol 34, an additional measure of security is achieved.

Referring again to the cascaded chain of modulo-2 adders shown in FIGS.2A and 2D, it is seen that the cipher bit C1-C7 are intermediateproducts of the successive modulo-2 additions, these cipher bits C1-C7are fed back to the right-most bit positions in the N registers, N1-N7respectively. Thus, when clock pulse P2 is applied to the "shift 1"wires of the N registers, the binary vector consisting of the valuesC1-C7 and the value contained on line N88 is added modulo-2 to theleft-most bit of each of the N registers. When the P-3 pulse is appliedto the "shift 2" lines of the N registers, the values of C1-C7 and N88which were previously entered into the N registers are transferred tothe right-most bit of the N registers shown in FIGS. 2B and 2E.

The pulses P4-P11 are used to transfer the contents of the N registersto the counters shown in FIGS. 2C and 2F. These are identified as CTR1,CTR2, CTR3, CTR4, CTR5, CTR6, CTR7 and CTR8. An example of the transferoperation would be the gating of the contents of register N1 is to CTR1.In a similar manner the contents of the remaining seven registers aretransferred to their respective counters shown in FIGS. 2C and 2F underthe control of clock pulses P-4-P-11. The clock pulses of P-4-P-11perform the additional function of transferring the contents of each ofthe N registers to the 16 word "S" box shown in FIG. 5 as an address forexecuting and substitution. The substituted word which is the output ofthe sixteen word "S" box is gated to the proper counter shown in FIGS.2C and 2F.

At this point, the system is prepared to modify the key matrix 10 byreplacing the right-most column in the matrix with a binary vector whichis a function of the left-most column of the key matrix 10 and thecipher text message. This is accomplished as shown in FIGS. 2A and 2D byoutputting the left-most bit positions of each of the K registers alongcable 162 to decoder 161 for generating an address to select asubstitute word in the 256 word "S" box and outputting the substitutedword along cable 160 to the right-most bit positions of each of the Kregisters. This operation is accomplished under the control of the clockP-12 pulse which is input to gates 166 and 168.

Now having transformed the key matrix 10, the system now performs amatrix shift operation by circulating the information contained in eachof the K registers as a function of the contents contained in the Nregisters. As discussed previously, the contents of the N registers aresubstituted and stored in the counters CTR1-CTR8. It is the countersCTR1-CTR8 which are then used under the control of clock pulsesP-13-P-57 to recirculate the binary bits stored in each of the K shiftregisters.

The registers K are shifted in parallel as many positions as indicatedby their associated counters CTR1-CTR8. Referring to CTR1, at the top ofFIG. 2C, it should be noted that the OR circuit 170 continues to providean output signal to gate 172 until the counter CTR1 contains a binaryvalue zero. The output of the OR gate 170 permits the shift pulses online 100 and 102 to pass through gate 172 for the purpose ofdecrementing the counter CTR1. For each decrement of the counter CTR1,the K1 register is shifted one position. When CTR1 has been decrementedto zero, OR circuit 170 no longer provides a signal output, andtherefore, the shift pulses and the decrement pulse are no longer gatedthrough gate 172. In this manner, the number of shift pulses applied toregister K1 is equal to the number that was stored in CTR1. The countersCTR2-CTR8 operate in identical manner as that described with regard tothe ocunter CTR1. Thus, the variant key matrix as contained in theregisters K1-K8 is scrambled in accordance with contents of countersCTR1-CTR8.

With regard to the control pulses P-1-P-58, reference should be made toTABLE 1 which lists all of the pulses utilized in the system and theirrespective functions. It should further be noted that clock pulsesP-1-P-58 may be provided by conventional clock means.

                  TABLE 1                                                         ______________________________________                                        Clock                                                                         Pulses Function                                                               ______________________________________                                               P-1 outgate message bit                                                       2 Shift 1 - N Box                                                             3 Shift 2 - N Box                                                             4 Gate N1 to 16 word S Box and gate S Box to CTR1                             5 Gate N2 to 16 word S Box and gate S Box to CTR2                             6 Gate N3 to 16 word S Box and gate S Box to CTR3                             7 Gate N4 to 16 word S Box and gate S Box to CTR4                             8 Gate N5 to 16 word S Box and gate S Box to CTR5                             9 Gate N6 to 16 word S Box and gate S Box to CTR6                             10 Gate N7 to 16 word S Box and gate S Box to CTR7                            11 Gate N8 to 16 word S Box and gate S Box to CTR8                            12 Gate K11-K81 vector to 256 word S Box and gate                             S Box to K15-K85 vector                                                       13 Shift 1 - K registers                                               1      14 Shift 2 - K registers                                                      15 Decrement counters                                                         16 Shift 1 - K registers                                               2      17 Shift 2 - K registers                                                      18 Decrement counters                                                         19 Shift 1 - K registers                                               3      20 Shift 2 - K registers                                                      21 Decrement counters                                                         22 Shift 1 - K registers                                               4      23 Shift 2 - K registers                                                      24 Decrement counters                                                         25 Shift 1 - K registers                                               5      26 Shift 2 - K registers                                                      27 Decrement counters                                                         28 Shift 1 - K registers                                               6      29 Shift 2 - K registers                                                      30 Decrement counters                                                         31 Shift 1 - K registers                                               7      32 Shift 2 - K registers                                                      33 Decrement counters                                                         34 Shift 1 - K registers                                               8      35 Shift 2 - K registers                                                      36 Decrement counters                                                         37 Shift 1 - K registers                                               9      38 Shift 2 - K registers                                                      39 Decrement counters                                                         40 Shift 1 - K registers                                               10     41 Shift 2 - K registers                                                      42 Decrement counters                                                         43 Shift 1 - K registers                                               11     44 Shift 2 - K registers                                                      45 Decrement counters                                                         46 Shift 1 - K registers                                               12     47 Shift 2 - K registers                                                      48 Decrement counters                                                         49 Shift 1 - K registers                                               13     50 Shift 2 - K registers                                                      51 Decrement counters                                                         52 Shift 1 - K registers                                               14     53 Shift 2 - K registers                                                      54 Decrement counters                                                         55 Shift 1 - K registers                                               15     56 Shift 2 - K registers                                                      57 Decrement counters                                                         58 shift input buffer                                                  ______________________________________                                    

While the invention has been described in terms of the exemplaryembodiment disclosed herein, it should be recognized by those skilled inthe art that alternative embodiments for carrying out the invention arewithin the skill of the art. For example, while the disclosed embodimentperforms a key matrix shifting operation by effectively rearranging eachof the rows in the matrix, it is possible to operate on the columnsinstead of the rows of the matrix or alternatively to transform both therows and columns. Also, at any point in the above description, where aspecific position of a register is accessed, it should be recognized bythose skilled in the art that alternative embodiments may be made inwhich there is variation on which of the specific elements in theregister are utilized at any specific time.

It should also be recognized by those skilled in the art thatcryptographic techniques in general may be implemented in either"hardware" and "software." That is, the operations performed inciphering a binary message are easily implemented by a computer programoperating on a general purpose computer. For example, the inventiveprocess disclosed herein may be implemented in the form of an APLprogram. Reference should be made to the following reference manuals forunderstanding the APL computer program language, APL/360 An InteractiveApproach, L. Gilman and A. J. Rose, John Wiley & Sons, Inc., New York,1970; and APL/360 User's Manual, A. D. Falkoff and K. E. Iverson, IBM,1968.

An exemplary APL program which can carry out the inventive process isdescribed as follows:

    ______________________________________                                        ∇SBIKICK[□]∇                                     ∇ C←R SBIKICK F;V;D;G;C1;C2;C3;Z;T;KD;D                         ______________________________________                                        [1]     K←?4 32 ρ2                                                   [2]     V←K                                                              [3]     F←`E                                                             [4]     F←(?(8 × R)ρ2,F                                        [5]     F←F,(,(8ρ2) N ALF PASS)                                      [6]     KD←(4,(ρF))ρ0                                            [7]     C←E←0                                                       [8]     D←(4 5)ρ0                                                    [9]     L1:C←C,V[3;0]≠C3←V[2;0]≠C2←V[2;0].noteq            .C1←                                                                     V[0;0]≠F[E]                                                     [10]    KD[;E]←V[;0]                                                     [11]    G←C1,C2,C3,(2| + /V[;1])                                [12]    D[;4]←D[;4]≠G                                              [13]    Z←LTH D←1φD                                             [14]    V[;15]←P ESS V[;15]                                              [15]    V←(1 + Z)φV                                                  [16]    VV←V                                                             [17]    →((ρF)>E←E + 1)/L1                                    [18]    □←0                                                   [19]    `01`[C]                                                               [20]    □←0                                                   [21]      `01` [KD]                                                           [22]    □←0                                                   [23]∇                                                                          `01`[2| + /φKD[;ρF]]                               ______________________________________                                        AUXILIARY FUNCTIONS                                                           ______________________________________                                                  ∇CODE[□]∇                                  ∇                                                                          C←CODE;Y                                                       [1]       Y←ALF WRITE                                                    [2]       Y←(8ρ2) N Y                                                [3]       C←`01`[,Y]                                                         ∇                                                                          ∇DECODE[□]∇                                ∇                                                                          Z←DECODE C;Y                                                   [1]       Y←`01`  C                                                      [2]       Y←(( ((ρY) ÷ 8);8)ρY)                              [3]       Y←(8ρ2] B Y                                                [4]       Z←ALFN[Y]                                                          ∇                                                                          ∇WRITE[□]∇                                 ∇                                                                          TEXT←WRITE                                                     [1]       TEXT←0                                                         [2]       →(2 3)[Δ/`)END` = 4ρ.sup.- 5↑TEXT←TE              XT, ,ALF[64]]                                                       [3]       TEXT←.sup.- 5↓TEXT                                          ∇                                                                          ∇N[□]∇                                     ∇                                                                          E←V N A;IR1                                                    [ 1]      E←(((ρA),ρV)ρV)|A°. ÷                    ((1↓V) . *IR1° ≧ TR1 .                                   .sup.-1 + ρV),1                                                 [2]       THIS FUNCTION IS IDENTICAL TO THE                                             OPERATOR EXCEPT THAT IT CAN TAKE                                              A VECTOR RIGHT ARGUMENT                                                 ∇                                                                          ∇B[□]∇                                     ∇                                                                          E←V B A;IR1                                                    [1]       E←A + . × ((1↓V) × .*IR1°..gtoreq              .IR1←.sup.- 1 + ρV),1                                      [2]       THIS FUNCTION IS INDENTCAL TO THE                                             OPERATOR ⊥ EXCEPT THAT IT CAN TAKE                                       A MATRIX RIGHT ARGUMENT                                                 ∇                                                                          ∇ESS[□]∇                                   ∇                                                                          C←P ESS M;U                                                    [1]       U←LTH M                                                        [2]       C←P[U]                                                         [3]       C←HTLI C                                                           ∇                                                                          ∇LTH[□]∇                                   ∇                                                                          N←LTH A                                                        [1]       N←A + . × φ 2* .sup.- 1↑(ρA)                   ∇                                                                          ∇ HTLI[□]∇                                 ∇                                                                          B←HTLI V                                                       [1]       B←2| V°. ÷ φ2* ( 2 .                   ______________________________________                                                  ρP)                                                         

In order to make the above program more easily understood, the aboveprogram is described by the following functions.

[1] Specifies the basic key as being a 4 by 32 matrix of 128 binarydigits, although more or fewer rows and columns could be used.

[2] Specifies V as being like K. This is needed because V will bemodified by the program.

[3] Deliteralizes the input message F. This is necessary if the inputfunction is "CODE."

[4] This type of system requires a priming operation. This statementprecedes F by R randomly selected bytes, different for each message.

[5] Catenates at the end of F the verifier "PASS." PASS is a variablewhich can be specified to be anything. ALF is the complete APL keyboardalphabet.

[6] Creates an array of 4 by ρ F zeros, to later display the actual keymatrix as used.

[7] Sets C and E=0. E is a counter, C serves as a zero for cateration.

[8] Creates a 4 by 5 zero array, to be filled in a nonsystematic manneras a function of messages and key to provide the kicking information.

[9] Specifies column 0 (i.e., initially E=0) of the key matrix and addsdigit in row 0 to the first digit of F, this being part of the firstrandom bytes. The resulting digit is added mod 2 to the key digit in thesecond row, etc.

[10] Respecifies column E of display KD with key column 0 as actuallyused, for later display, if desired.

[11] Forms binary vector G from C1, C2, C3 and the sum mod 2 of thedigits in column 1 of key matrix. This is the information to be used tokick the rows of the key matrix.

[12] Respecifies D with G.

[13] Shifts columns of D by one step and converts binary array into fournumerals base 32.

[14] ESS is a substitution ("S"), the point permutation being specifiedby P. This substitution is now used to replace column 15 (or any othercolumn) of key matrix by its S substitute.

[15] Takes vector 1+z and uses its components to kick rows of matrix V.

[16] Is a spacer.

[17] Is the counter.

[18] Is a spacer.

[19] Displays the cipher.

[20] Is a spacer.

[21] Displays the actual key matrix used.

[22] Is a spacer.

[23] Displays the sum mod 2 of all the columns of KD.

What is claimed is:
 1. A variant key cryptographic systemcomprising:input means for introducing a plurality of electrical signalsin binary form as message information to be enciphered or deciphered;priming means for presenting a plurality of random binary signals tosaid input means to initialize the system prior to introducing messageinformation thereto, matrix storage means for arranging a cipher key inan n×m matrix array, wherein m and n are greater than 1; a plurality ofmodulo-two adders interconnected with each other for adding selectedelements from said matrix with binary signals obtained from said inputmeans; feedback means connected to said plurality of modulo-two adders;non-affine transformation means connected to said feedback means fortransforming the feedback signals present on the lines contained in saidfeedback means; shift control means connected to said non-affinetransformation means for rearranging selected matrix elements withinsaid n×m matrix array.
 2. The system as defined in claim 1 wherein saidplurality of modulo-two adders are arranged in a cascaded fashion. 3.The system as defined in claim 2 wherein said priming means is anexternal source of random binary signals.
 4. The system as defined inclaim 2 wherein said feedback means further comprises a plurality oflines connected to intermediate stages of said modulo-two adders and atleast one line connected to an element within said matrix which elementis also connected to one of said plurality of modulo-two adders.
 5. Thesystem as defined in claim 4 wherein said non-affine tranformation meansis a substitution device.
 6. The system as defined in claim 5 whereinsaid substitution device comprises coding-decoding means for convertingfrom one base number to another base number.
 7. The system as defined inclaim 6 wherein said matrix consists of a plurality of shift registerseach capable of shifting information within the register for rearranginga column or row of the matrix;shift control output means for specifyingthe number of shifts that are to be executed by each of said pluralityof shift registers.
 8. A variant key cryptographic systemcomprising:input means for introducing a plurality of electrical signalsin binary form as message information to be enciphered or deciphered;priming means for presenting a plurality of pseudo-random binary signalsto the input means to initialize the system prior to introducing messageinformation thereto, matrix storage means for arranging a cipher key inan n×m matrix array wherein m and n are greater than 1; a plurality ofmodulo-two adders interconnected with each other for adding selectedelements from said matrix with binary signals obtained from said inputmeans; feedback means connected to said plurality of modulo-two adders;first non-affine transformation means connected to said feedback meansfor transforming the feedback signals present on the lines contained insaid feedback means; shift control means connected to said firstnon-affine transformation means for rearranging selected matrix elementswithin said n×m matrix array; second feedback means connected toselected elements of said matrix for providing a binary word to a secondnon-affine transformation means; said second non-affine transformationmeans generating a variant binary vector that is stored in selectedelements within the key matrix.
 9. The system as defined in claim 8wherein said second non-affine transformation means is a substitutiondevice. .Iadd.
 10. A variant key cryptographic system comprising:meansfor introducing a plurality of electrical signals in binary form asmessage information to be enciphered or deciphered; priming means forpresenting a plurality of random binary signals to said input means toinitialize the system prior to introducing message information thereto,means for storing and rearranging a cipher key, a plurality ofmodulo-two adders interconnected with each other for adding selectedelements from said storage means with binary signals obtained from saidinput means; feedback means connected to said plurality of modulo-twoadders; non-affine transformation means connected to said feedback meansfor transforming the feedback signals present on the lines contained insaid feedback means; control means connected to said non-affinetransformation means for rearranging selected elements within saidstorage means. .Iaddend. .Iadd.
 11. A variant key cryptographic systemcomprising;input means for introducing a plurality of electrical signalsin binary form as message information to be enciphered or deciphered;priming means for presenting a plurality of pseudo-random binary signalsto the input means to initialize the system prior to introducing messageinformation thereto, storage means for storing and rearranging a cipherkey; a plurality of modulo-two adders interconnected with each other foradding selected elements from said storage means with binary signalsobtained from said input means; feedback means connected to saidplurality of modulo-two adders; first non-affine transformation meansconnected to said feedback means for transforming the feedback signalspresent on the lines contained in said feedback means; control meansconnected to said first non-affine transformation means for rearrangingselected elements within said key storage means; second feedback meansconnected to selected elements of said storage means for providing abinary word to a second non-affine transformation means; said secondnon-affine transformation means generating a variant binary vector thatis stored in selected elements within the key storage means. .Iaddend.